On Mon, 6 Jul 2015, Liam O'Toole wrote: > On 2015-07-05, Gordon Messmer > <gordon.messmer at gmail.com> wrote: >> On 07/05/2015 04:51 AM, Liam O'Toole wrote: >> >> At this point, I don't think it's even possible to set >> ForwardX11Trusted=no any more. The X SECURITY extension was replaced >> with "X Access Control Extension" several years ago. > > The perceived difference was a general impression on my part, and not > measured scientifically. Moreover, it was formed years ago, and on a > variety of Linux systems. I concede that it may well be obsolete. EL6: ssh -X -o ForwardX11Trusted=no somehost xterm <select some text in the window> X Error of failed request: BadAccess (attempt to access private resource denied) ssh -Y -o ForwardX11Trusted=no somehost xterm <select some text in the window> All well. ssh -X -o ForwardX11Trusted=yes somehost xterm <select some text in the window> All well (unsurprising really, seeing as it means the same thing). -X/-Y/ForwardX11Trusted still do exactly what they've always done, no? You're trusting the remote host to not misbehave if you use -Y or ForwardX11Trusted=yes since at the very least you're opening up a fairly large information leakage to the remote host. That's fine if you do trust it, but it really isn't if you don't, surely? jh